Re: Profile merge and security issues

2016-02-01 Thread Serge Huber
Hello Thomas, I think all your propositions make a lot of sense (of course since we discussed them first :)). I vote that we first implement a token system and that we can always improve this further. Ideally we should have one token per accepted server, not a single one for all external

[jira] [Commented] (UNOMI-15) Use token to authenticate third party servers and secure login events

2016-02-01 Thread Thomas Draier (JIRA)
[ https://issues.apache.org/jira/browse/UNOMI-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15126264#comment-15126264 ] Thomas Draier commented on UNOMI-15:

[jira] [Created] (UNOMI-15) Use token to authenticate third party servers and secure login events

2016-02-01 Thread Thomas Draier (JIRA)
Thomas Draier created UNOMI-15: -- Summary: Use token to authenticate third party servers and secure login events Key: UNOMI-15 URL: https://issues.apache.org/jira/browse/UNOMI-15 Project: Apache Unomi

[jira] [Created] (UNOMI-14) Merge of profile for user using the same browser

2016-02-01 Thread Thomas Draier (JIRA)
Thomas Draier created UNOMI-14: -- Summary: Merge of profile for user using the same browser Key: UNOMI-14 URL: https://issues.apache.org/jira/browse/UNOMI-14 Project: Apache Unomi Issue Type:

Re: Profile merge and security issues

2016-02-01 Thread Jean-Baptiste Onofré
Hi Thomas, good point. I think we should avoid merging 2 identified profiles as I don't see a valid use case (merging makes sense only for anonymous profiles IMHO). Regards JB On 02/01/2016 01:26 PM, Thomas Draier wrote: Hi there, I have some security concerns with the merge actions.